Transfer authorization

From Cyclos Wiki
Jump to navigation Jump to search

Description

A transfer types can be configured to require authorization before they can be processed. Only after the authorizing user has authorized the payment the payment is made. Authorizations can have different levels of authorizers, as described further below.

Business rules

There are authorization levels, these levels determine in which order the authorizations are demanded beginning with the first level and finishing with the last level (e.g. if the receiver has the first level and the payer the second and a payment between them is made, first the status of the payment will be "pending receiver" and after the receiver has accepted the payment the status will be "pending payer". Finally, after the payer has accepted the payment, the status will be "authorized").

The following users can authorize a payment:

  • Receiver, in this case the (destination) user receiving the payment will have to accept the payment. The receiver can authorize the payment by clicking on the "authorize" button in the pending authorization details.
  • Payer, in this case the the payer (originator) will have to accept the payment.
  • Broker, the broker of the member that made the payment will need to accept the payment.
  • "Role", in the authorization roles overview page roles can be created. These roles can be assigned in the permissions of the administrator group. The administrator having a role can authorize a payment done with a transfer type in which the role is defined in the authorization level.

Per level multiple authorizers can be defined. In that case both users can authorize the transfer in a certain level. When one of the users has accepted the transfer the other user doesn't need to accept it anymore.


For authorization, there are two general rules:

  • When creating the authorization levels: an authorizer can only be inserted once, except for authorization roles. E.g. if a level allows broker, then no other level can also allow broker. This is not applied for roles, as there could be cases where more than one administrator needs to authorize a payment, but they both belong to the same role.
  • The same user cannot authorize a payment twice, even if he has the roles (this from a security point of view).


A transfer always has the following status: Pending authorization Additionally it is stated that it is Awaiting authorization by

  • receiver
  • payer
  • broker
  • administrator (when there is a role assigned).
  • or a combination of the above (e.g. "broker/administrator" or "payer/broker/administrator")

Notifications

See authorize payments

Pages

Transfer type authorization levels overview

When a transfer type has been set to require authorizations (with checkbox: Require authorization) a tab will appear in the transfer type details with the name 'Authorization levels'. The page under this tab will list the existing authorization levels, and a 'Add' button to create a new authorization level (explained directly below).

Note: After an authorization level has been used (it has been used even if it is pending) it cannot be deleted anymore, but it can be changed. Also it is possible to turn of authorization in the transfer details page.

Search page (filters)

Fields Type Rules
Add Action button Opens an empty "Create new authorization level" page.

If your transfer type also allows scheduled payments, be aware that each authorizer should also have the permission to view scheduled payments. If the receiver is an authorizer and you allow scheduled payments, be sure to check the "Show scheduled payments to receiver" checkbox in the "transfer type".


Search result (list) *

* Automatically shows all transfer type authorization levels specified for the transfer type, sorted on level.

Fields Type Rules
Level Text (ready only) The authorization level.
Authorizer Text (read only) Shows the selected authorizers for this level e.g.: "Receiver, Role 1, Role 2." or "Broker, Payer, Role3.".
Remove Icon

Removes the authorization level. Only visible if the administrator has the Account configuration - Manage permission.

Row Link Opens the authorization level details.


Transfer type authorization level details

Fields Type Rules
Internal name Text
Show comments to users Boolean If selected the comment that can be inserted by the authorizer (upon authorization) will be show to the user. If not selected it will be only show to the authorizers and admins (with permissions)
Possible authorizers section
Receiver
 Boolean

When this checkbox is selected the payment receiver has to authorize the transfer.

  • Only visible if
    • transfer type "To" value is a user account, and
    • it is not already used in another level of this transfer type
Payer
 Boolean When this checkbox is selected the payer has to authorize the transfer.
  • Only visible if
    • transfer type "From" value is a user account, and
    • it is not already used in another authorization level of this transfer type
Broker Boolean When this checkbox is selected the broker of the user that makes the payment has to authorize the transfer.
  • Only visible if
    • transfer type "From" value is a user account, and
    • it is not already used in another level of this transfer type
Roles Multi selection Here you can select one of more authorization roles. Those roles need to be created first in: System - Account configuration - Authorization roles

Authorization roles are described in the section below.

The selected roles have to authorize the transfer.

  • Only visible if has defined
  • All roles are listed with a checkbox selection, that are not used in another level already
Apply on conditions section
Higher or equals than amount Currency amount Only applies when transaction is higher or equal than the amount specified
Lower or equals than amount Currency amount Only applies when transaction is lower or equal than the amount specified
Save Action button Saves the settings.
  • At least one of the authorizers needs to be selected (Receiver, Payer, Broker or Role).


Authorization roles overview

The authorization roles can be find under the (admin) menu: System - Account configuration - Authorization roles

Search page (filters)

Fields Type Rules
New Action button Opens a details page for creation of a new authorization role.


Search results (list *)

Automatically shows all authorization roles of the system, sorted by name.

Fields Type Rules
Name Text (read only) The name of the authorization role.
Quick link to transfer types Hyper link Shows a list of all transfer types in which that role is used:
  • The transfer types are listed under each other.
  • The transfer types are hyperlinks and link to the transfer type details page.
Remove Icon Removes the authorization role.
  • Roles can be removed even when there are authorization levels which use that role. Authorization levels will be removed if they have the removed role as unique role.
Row Link on row Opens the Authorization role details


Authorization role details

The authorization roles work as a bridge between an authorization level (where they can be selected) and admin groups, where they also can be selected.
So, instead of defining specific admin groups to act as payment authorizers, in the payment authorization level the 'role' can be selected, and this role can be added to multiple admin groups.

Fields Type Rules
Name Text
  • Required
  • Max. length: 100 characters
Internal name Text
Description Text area
Save Action button Saves the name of the authorization role.
  • A new role name must be unique.


Retrieved from "https://wiki.cyclos.org/index.php?title=Transfer_authorization&oldid=22843"